The UMBC Cyber Defense Lab presents
Verifying Provenance of Digital Media: Security Analysis of C2PA and its Implementation
Enis Golaszewski and Neal Krawetz
12–1pm Friday, February 20, 2026, via WebEx
Joint work with Kaur Kullman, Alan T. Sherman, Sai K. Matukumalli, Roberto Yus, Edward Zieglar, Carson L. Kegley, Michael Barthel, William Bowman, Bharg Barot
Generative AI and advanced editing tools enable malicious actors to create high-quality fake images that can facilitate fraud, attack reputations, and manipulate elections. We analyze the security properties of the design, implementation, and use of the Coalition for Content Provenance and Authenticity (C2PA) digital provenance specifications, Version 2.2. C2PA binds cryptographic assertions of provenance to a digital asset, with the goal of assisting users to judge the asset's provenance and authenticity. When generating or modifying digital assets, C2PA implementations collect and place provenance data into a manifest of claims, then apply digital signature algorithms and optionally timestamp using a trusted timestamping authority.
Our analysis (1) evaluates the C2PA specification, including its requirements, RFC 3161 timestamps, validation guidelines, trust management, and privacy considerations, (2) identifies challenges and limitations facing users by processing revealing, representative examples of C2PA metadata using multiple public validators, (3) assesses the compliance and efficacy of the Google Pixel 10 C2PA implementation, which C2PA currently lists as a conforming product at the maximum assurance level, and (4) performs the first formal-methods analysis of C2PA protocols, and by extension of the RFC 3161 trusted timestamp protocol.
Our investigation uncovers three major weaknesses. First, our formal models show that C2PA claim generators and validators achieve strong agreement on the claim's assertions, but not on the claim's trusted timestamp. Consequently, a claim may exist with competing timestamps, enabling an adversary to cast doubt on a claim's provenance and authenticity. Second, from C2PA's metadata, including data that we generated using a Pixel 10 camera, we identify multiple issues with the Version 2.2 system: lack of version information on claims, inadequate clarity for identifying an asset's active claim manifest, inconsistent validation, and inadequate certificate revocation management. Third, we determine that the Pixel 10 complies with the C2PA specification, but the initial Pixel 10 implementation fails to include important metadata (e.g., EXIF metadata) in claims. Through examples, including ones we created using a Pixel 10 camera, we identify limitations and capabilities of C2PA's approach for helping users determine the authenticity of digital objects.
While C2PA takes some useful steps toward solving an important problem, our work shows that the specifications are not ready for standardization or deployment. Serious structural weaknesses include missing critical information (e.g., version, time, location), inappropriately liberal policies (e.g., validators may ignore malformed fields), and inadequate treatments of timestamps and certificate management (e.g., lists of trusted products and certificates, certificate revocations). The long, complex specifications with several critical optional features confuse validators. Although C2PA achieves its limited goal that assertions of provenance are tamper-evident, this goal is insufficient to verify provenance or veracity of digital assets. We suggest ways to strengthen C2PA. The Pixel 10 and Version 2.3 of the specifications implemented some of our suggestions.
Enis Golaszewski is a teaching assistant professor of computer science at UMBC in the CSEE Department. He holds weekly workshops in formal-methods analyses of cryptographic protocols using the Cryptographic Protocol Shapes Analyzer (CPSA). His current research projects include analysis of the Coalition for Content Provenance and Authenticity (C2PA) protocol. Golaszewski earned the PhD under Sherman. His dissertation includes the design and development of a tool—ProtoBindGuard—that automatically binds protocol messages to context to prevent protocol-interaction attacks. Golaszewski is a former SFS scholar at UMBC.
Neal Krawetz earned a PhD in computer science from Texas A&M University and a bachelor's degree in computer and information science from the University of California, Santa Cruz. In 2002, he founded Hacker Factor Solutions (hackerfactor.com), where he specializes in non-traditional computer forensics, online profiling, networking, and computer security. Today, he develops computer forensics software and provides FotoForensics, an online service for digital media photo analysis. Dr. Krawetz has been performing ongoing detailed evaluations of C2PA since it was first introduced in 2021.
Host: Dr. Alan T. Sherman, sherman@umbc.edu. Support for this event was provided in part by the NSF under SFS grants DGE-1753681 and 2438185. The UMBC Cyber Defense Lab meets biweekly on Fridays 12-1pm. All meetings are open to the public.